mp3jamsetup.exe

Orbita LLC

The application mp3jamsetup.exe, “MP3jam Setup ” by Orbita has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from dawwpk9vo4we.cloudfront.net.
Publisher:
MP3jam   (signed by Orbita LLC)

Product:
MP3jam

Description:
MP3jam Setup

Version:
1.1.0.0

MD5:
1a34cc9ea4cec0d8d9831905f9588294

SHA-1:
e8beba40b80faaf49bbde54df27b7d8f526c37c8

SHA-256:
56cb90a02d6bdb0e5de3ed8bd17b102e26e3cffb10bc9294911ba91714b2b35a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/15/2024 7:44:09 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
8.9341

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.29.19

Trend Micro House Call
TROJ_GEN.F47V0220
7.2.116

File size:
5.2 MB (5,467,896 bytes)

Product version:
1.1.0.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mp3jamsetup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/14/2012 11:59:40 AM

Valid to:
11/13/2014 12:32:44 PM

Subject:
E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod oblast, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121680C4CC61E231584CCF3BC888E070A26

File PE Metadata
Compilation timestamp:
10/9/2012 9:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:iGAND2UMRL0XcwHQPPAtb+w/OQXmPQ8cKPJenM4JkrwJPSbckZdnCWdQez95v:iGAAUuL0B4AZz/OQX8InMHwwwkvnfZB

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 
[+]

Entropy:
7.9851

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file mp3jamsetup.exe has been seen being distributed by the following URL.

Remove mp3jamsetup.exe - Powered by Reason Core Security